US hacker jailed for 41 months for exposing AT&T security flaw
Online activists say punishments for computer crimes that cause no harm are too harsh
A US judge has ordered a 41-month prison sentence for a self-described "security research" hacker for breaking into the AT&T online network in a case criticised by digital rights activists.
Andrew Auernheimer, known online as "weev", was accused of breaching the AT&T network and revealing e-mail addresses of more than 120,000 Apple iPad users to the online news site Gawker in 2010.
Among those affected by Auernheimer's activities were ABC News anchor Diane Sawyer, New York Mayor Michael Bloomberg, Chicago Mayor Rahm Emanuel and Hollywood movie producer Harvey Weinstein, prosecutors said.
The sentence was ordered on Monday by US District Judge Susan Wigenton in Newark, New Jersey.
The case has drawn fire from online rights activists who claim government prosecutors are unfairly targeting "white hat" hackers who reveal online security flaws.
Lawyers for internet rights group Electronic Frontier Foundation have joined Auernheimer's defence, saying he is being unduly punished for revealing an AT&T network flaw to the media.
"Weev is facing more than three years in prison because he pointed out that a company failed to protect its users' data, even though his actions didn't harm anyone," said EFF attorney Marcia Hofmann.
"The punishments for computer crimes are seriously off-kilter, and Congress needs to fix them."
But US Attorney Paul Fishman said Auernheimer "knew he was breaking the law" and that "when it became clear that he was in trouble, he concocted the fiction that he was trying to make the internet more secure ... The jury didn't buy it, and neither did the court in imposing sentence upon him today."
Auernheimer's co-defendant Daniel Spitler discovered that AT&T had configured its servers so that a query containing the ID number from an iPad's SIM card returned the e-mail address of that iPad's owner.
Spitler wrote a computer program that exploited the security hole to collect approximately 120,000 e-mail addresses, and Auernheimer sent the list to several journalists to spotlight the security problem, according to the EFF. Spitler and Auernheimer were criminally charged as co-defendants.